Chapter 3: Building Your Active Directory Structure Objectives

Size: px
Start display at page:

Download "Chapter 3: Building Your Active Directory Structure Objectives"

Transcription

1 Chapter 3: Building Your Active Directory Structure Page 1 of 46 Chapter 3: Building Your Active Directory Structure Objectives Now that you have had an introduction to the concepts of Active Directory and have reviewed DNS, it is time to start looking at how to work with Active Directory. Some of the objectives and subobjectives from the units "Installing, Configuring, and Troubleshooting Active Directory" and "Managing, Monitoring, and Optimizing the Components of Active Directory" are covered in this chapter. The other objectives and subobjectives are covered in other chapters. The first part of this chapter will look at the logical structure of Active Directory. The last part of the chapter will show you how to create a root domain. Install, configure, and troubleshoot the components of Active Directory. l Install Active Directory. l Verify Active Directory installation. l Create sites. l Create subnets. l Create connection objects. l Create site links. l Create site link bridges. l Move server objects between sites. l Create global catalog servers. This objective is included primarily to make sure you can install Active Directory and verify that it is installed. This objective also is included to ensure that you can configure a domain to match the physical network. You should know the requirements for installation, primarily the DNS server requirements. You should also understand the changes made to the system due to the installation. The domain configuration aspect of this objective requires that you know how to set up Active Directory based on the network. This includes creating sites, which are collections of subnets, and then making sure replication is possible using site links and site link bridges. You also need to know how to create a connection object. Using connection objects, you can override the system-generated connections. Finally, you need to know how to create a global catalog server. Manage and troubleshoot Active Directory replication.

2 Chapter 3: Building Your Active Directory Structure Page 2 of 46 l Manage intrasite replication. l Manage intersite replication. This objective is included to ensure that you are familiar with the replication process and are able to recognize and resolve replication issues. An important aspect of managing and troubleshooting Active Directory replication includes understanding the Knowledge Consistency Checker and how it works with site links to build the replication topology. You also need to know how to control the replication topology with the NTDS settings. Outline Introduction Understanding AD s Logical Structure l Domains l Trees and Forests l Organizational Units Installing the First Domain l Prerequisites l Naming Your Domain l The Installation Process l Verifying the Installation Other Installations l Adding a Domain Controller l Adding a Child Domain l Creating a Forest Working in the Physical Network l Working with Sites Adding a Site Renaming a Site Deleting a Site Site Properties l Working with Subnets Adding a Subnet Deleting a Subnet Moving a Subnet Replicating Active Directory Information

3 Chapter 3: Building Your Active Directory Structure Page 3 of 46 l How Replication Works l Replication Within a Site l Connection Objects l Replication Between Sites Moving Domain Controllers Connecting Sites Bridgehead Servers Site Link Bridges l Global Catalog Servers Chapter Summary Apply Your Knowledge Study Strategies This chapter covers three main topics: logical structure, physical structure, and replication. You should understand how these work together to move information around an Active Directory network. Most notably, you should pay attention to the following: l The installation of domain controllers and their differences depending on where they are logically located l The creation and use of sites and site links l The role and function of the Knowledge Consistency Checker l The ways in which replication takes place and how replication works l How to use global catalog servers and where they should be placed Introduction The domain controllers serve as the backbone to the network, and being able to implement them in a logical manner is key to the success of any Windows 2000 deployment. In this chapter, you will look at how to roll out the domain controllers and how to configure replication between these controllers. Keeping your organization running smoothly requires the replication of information about both the structure of and the objects in Active Directory. The chapter begins with a discussion of the logical structures that make up the Active Directory and then moves on to installing domain controllers. After that, the physical world is introduced, and the discussion will turn to subnets and sites. This leads to the discussion of the replication of Active Directory both within a site and between sites. Understanding AD s Logical Structure

4 Chapter 3: Building Your Active Directory Structure Page 4 of 46 Although some of the following information has already been introduced, it is worth taking a closer look at the logical structures that make up Active Directory. The discussion will begin with a look at domains and the purpose of domains, which are the building blocks of the logical structure. Then the discussion will turn to the ways in which you can tie domains together into trees and, eventually, how trees can expand to make up a forest. Domains The basic unit you deal with is the domain, just like Windows NT 4.0. By breaking your enterprise into different domains, you achieve several benefits: l Domains enable you to organize objects within a single department or a single location. Within the domain, all information about the objects is available. l Domains act as a security boundary; domain administrators have complete control over all the resources within the domain. Group policies can be applied at the domain level. Group policies determine how resources can be accessed, configured, and used. l Domain objects can be made available to other domains and can be published in the Active Directory. l Domain names follow the DNS naming structure. This permits an infinite number of child domains. l Domains enable you to control replication; objects stored in the domain are only fully replicated to other domain controllers in the domain. There are two ways to create Active Directory domains: by upgrading a Windows NT 4.0 domain or by installing a Windows 2000 Server and then promoting it to be a domain controller. After you have created a root domain, you can then move on to create trees. A tree always starts with the root domain but then can branch out to include other domains. This provides you with the first level of hierarchies within Active Directory. Trees and Forests When you are controlling the domain, you are dealing with the working level of the network. Users are located in domains. Computers are located in domains. To tie the domains together, you need to organize them into a logical structure. This structure will either be a domain tree or a forest. Obviously, this is why we had the discussion on DNS in Chapter 2, "Configuring DNS for Active Directory." The DNS hierarchy is used in Windows 2000 to tie the various domains together and to create the domain tree. If you start with a domain such as Widgets.com, for example, you could create a single domain that contains all the objects in your enterprise. However, this might not be practical if your organization has offices in two major geographical areas and if each area works independently from the other. In this case, you might opt to create separate domains that could be independently managed. In Figure 3.1, you will notice that there is a Widgets.com as well as an East.Widgets.com

5 Chapter 3: Building Your Active Directory Structure Page 5 of 46 and a West.Widgets.com. In this case, the top domain is simply a pointer to one or the other of the lower-level domains. Figure 3.1 A sample domain tree for Widgets.com broken down using geography. If you were to break the organization down along the lines of an organizational chart, the tree might look more like Figure 3.2. In this figure, there is a domain for sales and marketing, a domain for logistics (production and shipping), and a domain for research and development. The administration and other support roles, in this case, would be in the top-level domain. Remember from Chapter 1, "Understanding Active Directory," that throughout this enterprise, there would be a single schema, a common global catalog, and transitive two-way trust relationships. Figure 3.2 A sample domain tree for Widgets.com broken down by function. There are some cases, however, in which a domain tree will not work. In cases in which different parts of the organization need to have separate public identities, you cannot use the same structure if the internal naming is to mirror the external nature. In a case such as this, you might have more than one tree. However, it is still important to keep the three common elements: shared schema, shared configuration, and the global catalog. To do this, one of the domains will become the root of the enterprise. The other domains will be children even though their names look different. In Figure 3.3, Stuff.com has been added. Convention dictates that the line joining the new tree to the forest is drawn to the top of the root to show that it is not just a child domain. Figure 3.3 A sample domain forest. From here, you could add children to Stuff.com (see Figure 3.4). Figure 3.4 An expanded domain forest. After you have installed the first domain controller for the first domain, you can begin to build the hierarchy by using DCPROMO to create other domain controllers. During the promotion, you will have the option of creating new domain controllers in the existing domain, a new controller for a new child domain, or a new root controller for a new tree in the forest. The combination of trees and forests provides you absolute flexibility in the design of your domain structure and, therefore, in the design of your Active Directory. Now that you have knowledge of domains, which provide your first level of hierarchy, it makes sense to move on and talk about organizational units (OUs). OUs provide the secondary level of hierarchy. They let you break down a domain into logical units that you can control, to a degree, independently. Organizational Units The capability to delegate control of part of a domain to a user or a group of users is new to Windows

6 Chapter 3: Building Your Active Directory Structure Page 6 of This is achieved through the use of organizational units. An organizational unit is a container within the Active Directory you create. After you create the container, you can move computers, users, and other objects into the container. After this is accomplished, you could delegate control of those objects in the container to a set of users or groups. As a domain administrator, you would still have control, but the people you delegate can also control these objects. This enables you to create workgroup administrators who can handle a limited section of your domain. You can also apply group policies to the organizational unit that are different from those policies you applied to the domain. Figure 3.5 shows an example of how the Widgets.com network could be fit into a single domain while still providing local administrators to deal with a group of users and computers. Figure 3.5 The Widgets.com network designed using organizational units. You can even create organizational units within another organizational unit. This enables you to create a hierarchy of organizational units within a domain. You need to decide for your organization whether you should use domains or organizational units to manage users, computers, and the other objects in Active Directory. The following guidelines should be used to decide whether to use domains or organizational units: l Use domains if the organization is one in which different users and resources are managed by completely different sets of administrators. l Use domains for a network in which parts of the network are separated by a slow link. This can also be accomplished using sites, which we will see later in the section "Working in the Physical Network." l Use organizational units to mimic the structure of your organization. l Use organizational units to delegate administrative control over smaller groups of users, groups, and other objects. l Use organizational units if this particular part of your company is likely to change later. As you can see, the logical structure of Active Directory is used to build a hierarchy that enables you to organize users within any size of organization. Using domains, you can create security and replication boundaries; and then using organizational units, you can further divide domains into manageable sections. The planning of the Active Directory structure is the domain of the network planners. As the implementer, you now need to create the root domain and the rest of the tree and then the organization units. Installing the First Domain

7 Chapter 3: Building Your Active Directory Structure Page 7 of 46 Install, configure, and troubleshoot the components of Active Directory. l Install Active Directory. Obviously, this is an important objective because all the other work you will do depends on the capability to install Active Directory. This section starts with an examination of the root installation and then looks at verifying installations. From there, the discussion will turn to the other types of installations. Now that you are familiar with the logical structure of Active Directory, it is time to look at the installation of Active Directory. The installation is a simple process. Before beginning installation, however, you will want to have planned the structure of your enterprise. Prerequisites As you have probably guessed, a number of necessary items and tasks need to be completed before you install Active Directory. The following is a list of the key items that need to be in place: l You need to have a Windows 2000 Server, Advanced Server, or Data Center Server installed and running. l You should have a DNS server installed with a forward lookup zone configured. The DNS server needs to support Service (SRV) records and should allow for dynamic updates and standard zones incremental transfers. l You need to be sure that the correct DNS server is selected for the computer you are making a domain controller and that the name of the computer is correct. The computer also needs to have TCP/IP installed and correctly functioning. l You need to be sure that you have an NTFS partition on the computer you are making into a domain controller. You also need to have enough space for the directory (1GB is recommended). l You need to be sure that the system time zone is correct. You also need to be sure that the correct time is set on the system. In addition to the physical systems in place to install the domain controller, you need to know the name of the domain controller to install. You also need to know the domain name for the domain you are creating. Naming Your Domain There are several different ways you can decide to name the domain. The three main choices are: l Use your organization s real Internet domain name. This would mean that your internal and external identities would be the same, and the risk is that your Active Directory structure could easily become exposed to the public Internet.

8 Chapter 3: Building Your Active Directory Structure Page 8 of 46 l Use a subdomain under your existing Internet domain. In other words, create something like AD.widgets.com as the starting point for the Active Directory. This makes it easier to separate the public and private structure. However, this approach adds complexity to the naming system. l Use a totally separate name internally. This means you can keep the public and private parts of the network completely separate. Microsoft suggests that you can use.local if you plan to separate the internal and external naming of the organization. You might use Widgets.com for the Internet and Widgets.local for the Active Directory. The domain name, of course, should be decided before you begin to perform the installations. Naming domains will require probably a lot of discussion. Assuming you have all the required information and the prerequisites are met, it is time to install Active Directory. The Installation Process The installation of the root domain is very straightforward, and the complete process is outlined in the following Step by Step. Step by Step Installing Active Directory 1. From the Start menu, choose Run. Enter dcpromo and then click OK. 2. Click Next to pass the introductory screen of the Active Directory Installation Wizard. 3. Choose Domain Controller for a New Domain and then click Next (see Figure 3.6). Figure 3.6 Creating a new domain. 4. Choose Create a New Domain Tree and then click Next (see Figure 3.7). Figure 3.7 Creating a new domain tree. 5. Choose Create a New Forest of Domain Trees and click Next (See Figure 3.8). Figure 3.8 Creating a new domain tree in a new forest. 6. Enter the Full DNS name for the new domain and click Next (See Figure 3.9). Figure 3.9 Entering the name for your new domain.

9 Chapter 3: Building Your Active Directory Structure Page 9 of 46 Figure 3.10 The error indicates that the domain name exists as an NT 4.0 domain. 7. Confirm the down-level (NetBIOS) domain name (see Figure 3.11). Figure 3.11 The down-level domain name (used by non-active Directory clients). 8. Confirm the location of the Active Directory database and log files. It is best to place these on different drives for recoverability. Both must be located on a drive formatted with NTFS (see Figure 3.12). Figure 3.12 Specifying where the directory services database and log should be located. 9. Confirm the location of the SYSVOL directory (which replaces the Netlogon share). This must be located on a drive formatted with NTFS 5 (see Figure 3.13). Figure 3.13 Choosing the location for the SYSVOL. 10. The wizard now confirms your DNS server. You will receive a warning if it does not find the server (see Figure 3.14). Figure 3.14 You will receive this error if the system cannot find your DNS server. Figure 3.15 The installation will offer you the choice of installing DNS if it was not found. 11. Next you will receive a security warning about pre-windows 2000 RAS security. In NT 4.0 and prior, the RAS server had to allow clients to read domain information before authentication. If you run down-level RAS servers, you need to allow the weaker permissions. Choose the appropriate option and click Next (see Figure 3.16). Figure 3.16 This dialog box warns you about NT 4.0 RAS security. 12. Next you are prompted to enter the directory services Restore-mode password. You should make this a secure password and should safely store the password so it can t be forgotten (see Figure 3.17). Figure 3.17 Entering the directory services Restore-mode password. 13. The next screen will summarise all the choices you have made to this point. You should review the entries and, if necessary, use the Back button to go back and

10 Chapter 3: Building Your Active Directory Structure Page 10 of 46 change any of the options that are not correct (see Figure 3.18). Figure 3.18 Confirming all the choices you made. 14. Assuming that all has gone well, you should now get a final screen confirming the installation of Active Directory. Click Finish and then restart the computer (see Figure 3.19). Figure 3.19 The final dialog box summarizes your installation. Note - If the first part of the name is the name for your existing NT domain, you will receive a warning, and the down-level (NetBIOS) domain name will include a number to differentiate it from the existing domain. This will not happen when you upgrade an existing PDC (see Figure 3.10). At this point, Active Directory will be installed. After the system has restarted, you might want to verify the installation. Note - If the DNS server could not be located, the wizard will offer to install and configure it for you (see Figure 3.15). If you want the wizard to do this, click Yes. If you choose No, the installation will continue. You will receive numerous startup errors, however, and Active Directory will not work until you correct the problem. It is recommended that you allow the wizard to install and configure DNS if it cannot find an appropriate DNS server. Verifying the Installation Install, configure, and troubleshoot the components of Active Directory. l Verify Active Directory installation. After the installation of Active Directory, you should verify that the installation worked and that the system is running correctly. This will ensure that the other servers you add to the domain and the other domains you add to the tree will install correctly. It is a fairly simple matter to verify that Active Directory is installed on the computer. All you need to do is verify that the following options are now in the Administrative Tools folder on the Start menu. l Active Directory Users and Computer. This is used to manage users and computers as well as organizational units within your domain. l Active Directory Domains and Trusts. This is used to manage domains and trust

11 Chapter 3: Building Your Active Directory Structure Page 11 of 46 relationships with NT 4.0 domains. l Active Directory Sites and Services. This is used to configure the directory services site and the replication between sites. You can also use the following steps to make sure Active Directory is installed. Step by Step Verifying That Active Directory Is Installed 1. Open Active Directory Users and Computers. 2. Click on the Domain Controllers folder. 3. Verify that your computer is listed. Getting the first domain controller installed and running correctly is critical because all the other installations will need to communicate with this system as they proceed. After you have your first domain controller, you will need to add others. The next few sections cover the differences for the various types of setups you will need to perform. Other Installations Now that you have a working domain controller, you will want to add at least one other domain controller for redundancy. In most cases, you will add several more domain controllers to a domain. In addition, you need to be able to add other domains to your domain tree or more trees to the forest. This section looks at these types of installations. Adding a Domain Controller To provide redundancy and load balancing, you need to add more domain controllers to the domains you create. The process for adding a domain controller is straightforward. You begin with a computer with Windows 2000 Server, Advanced Server, or Data Center Server installed. Then you do the following. Step by Step Adding a Domain Controller to an Existing Domain 1. From the Start menu, choose Run. Enter dcpromo and then click OK. 2. Click Next to pass the introductory screen of the Active Directory Installation Wizard. 3. Choose Additional Domain Controller for an existing domain and then click Next.

12 Chapter 3: Building Your Active Directory Structure Page 12 of You will be asked for your network credentials. The credentials you provide should be those of a member of the Domain Admins group. When you have entered the credentials, click Next to continue. 5. Next you will be asked for the name of the domain you want to join. This is the full DNS name of the domain. You should make sure the system is using a DNS server that can resolve the name. After this is entered, click Next to continue. 6. You will now be asked where you want to put the database and the log for Active Directory. This needs to be on an NTFS partition. Enter the location for these files and then click Next to continue. 7. Next you need to enter the location of the SYSVOL directory. This also needs to be on an NTFS partition; after you have entered the location, click Next to continue. 8. You will be asked for the Active Directory Restore-mode password. Enter the password and click Next. 9. Next you will get the summary screen. Click the Finish button and the Active Directory information will be copied. 10. When the copy is finished, you are prompted to restart the computer. You should now be able to add a domain controller to an existing domain. Using multiple domain controllers is important for redundancy and for load balancing. The next section looks at adding a child domain to an existing domain. Adding a Child Domain As you build the Active Directory structure for your organization, you will probably need to add child domains. The process is more like creating a new domain than adding a domain controller. The basic steps follow. Step by Step Adding a Child Domain to a Domain Tree 1. From the Start menu, choose Run. Enter dcpromo and then click OK. 2. Click Next to pass the introductory screen of the Active Directory Installation Wizard. 3. Choose Domain Controller for a New Domain and then click Next. 4. Choose Create a New Child Domain in an Existing Tree and then click Next.

13 Chapter 3: Building Your Active Directory Structure Page 13 of Enter the network credentials for a user in the Enterprise Admins group from the parent domain and then click Next. 6. Enter the DNS name for the new domain and the parent domain and click Next. 7. Confirm the down-level (NetBIOS) domain name and click Next. 8. Confirm the location of the Active Directory database and log files. It is best to place these on different drives for recoverability. Both must be located on a drive formatted with NTFS. 9. Confirm the location of the SYSVOL directory (which replaces the Netlogon share). This must be located on a drive formatted with NTFS Next you get a security warning about pre-windows 2000 RAS security. In NT 4.0 and prior, the RAS server had to allow clients to read domain information before authentication. If you run down-level RAS servers, you need to allow the weaker permissions. Choose the appropriate option and click Next. 11. You will be asked for the Active Directory Restore-mode password. Enter the password and click Next. 12. Assuming all has gone well, you should now get a summary screen confirming the installation of Active Directory. Click Next and then restart the computer. After this installation, you would proceed to add more domain controllers to the new domain using the steps in Step by Step 3.3. Note - DNS Support Because this domain will be the start of a new tree, it will also be the start of a separate namespace. If the DNS server is not set up correctly, you will have the same options as you did during the installation of the initial domain controller as seen in Step by Step 3.1. Remember that child domains act as boundaries for replication and security. Child domains become part of the same namespace. In some cases, this isn t what you require, and you need to create a new tree, making a forest. Creating a Forest Creating a forest is the final setup we ll discuss. Your internal organization will probably use one naming scheme, so creating a forest is not a common event. In any case, the process is almost identical to that of adding a child domain. The following steps help you to create a forest.

14 Chapter 3: Building Your Active Directory Structure Page 14 of 46 Step by Step Adding a Root Server in a Forest 1. From the Start menu, choose Run. Enter dcpromo and then click OK. 2. Click Next to pass the introductory screen of the Active Directory Installation Wizard. 3. Choose Domain Controller for a New Domain and then click Next. 4. Choose Create a New Domain Tree and then click Next. 5. Choose Place this New Domain Tree in an Existing Forest and then click Next. 6. Enter the network credentials for a user in the Enterprise Admins group from the root domain and then click Next. 7. Enter the DNS name for the new domain and click Next. 8. Confirm the down-level (NetBIOS) domain name and click Next. 9. Confirm the location of the Active Directory database and log files. It is best to place these on different drives for recoverability. Both must be located on a drive formatted with NTFS. 10. Confirm the location of the SYSVOL directory (which replaces the Netlogon share). This must be located on a drive formatted with NTFS You next get a security warning about pre-windows 2000 RAS security. In NT 4.0 and prior, the RAS server had to allow clients to read domain information before authentication. If you run down-level RAS servers, you need to allow the weaker permissions. Choose the appropriate option and click Next. 12. You will be asked for the Active Directory Restore-mode password. Enter the password and click Next. 13. Assuming all has gone well, you should now get a final screen confirming the installation of Active Directory. Click Finish and then restart the computer. As you can see, building the logical structure of Active Directory is fairly simple, and with good planning, it should go fairly smoothly. Remember that domains act as security and replication boundaries, and this is the key reason for using them. If you were to put hundreds of domain controllers in a single domain, perhaps in different locations, you would still have a replication problem. This problem is addressed by using sites that enable you to further control replication. This requires addressing the physical network.

15 Chapter 3: Building Your Active Directory Structure Page 15 of 46 Working in the Physical Network Now that you have seen how to configure the logical portion of Active Directory, it is time to look at configuring the physical side. The physical parts of Active Directory, sites and subnets, are used to control replication. By creating sites and later site links, you will be able to determine at what times replication can occur and how often during that period it will happen. One of the key parts of using Active Directory is the TCP/IP requirement. TCP/IP is not required simply to enable Windows 2000 to use the DNS system, although that is very important. TCP/IP enables you to break your enterprise into sites and to control replication between sites. You will also be able to apply group policies to sites, enforcing certain settings for all the computers in a single location. A site is very simply one or more IP subnets connected by high-speed links. This is perhaps a little vague. High-speed is relative to your environment. Many factors need to be examined when determining what exactly is meant by high-speed. If your domain contains three million objects, your password policy requires passwords to be changed every seven days, and you experience a high turnover of employees, then a 10Mbps LAN might not be able to keep up with the replication required. On the other hand, if you have a few hundred objects in the Active Directory and there are few changes in your environment and only two domain controllers, you might find that a 128Kbps ISDN link is fine. As a rule of thumb, consider anything that runs T1 (1.54Mbps) and below to be a slow link. In these cases, you want to consider the effect of replication on the link. You probably need to create two sites so you can control the replication between them. The good news is that sites follow what most organizations already do with their networks. Also, sites are very easy to create and manage in Active Directory. Normally, you already have sites defined in your network, breaking the segments into manageable sections. These sections are normally implemented to control the traffic because this is also the point of sites; the translation from the physical segments into sites is very straightforward. Working with Sites Install, configure, and troubleshoot the components of Active Directory. l Create sites. If you were to allow uncontrolled replication on your network, you would have many problems with available bandwidth. This is notably the case when you have a link to a remote office. In these cases, you need to remember that sites are used to control replication traffic and to create the sites you need to control the traffic. You need to be able to create and manage sites within the Active Directory. The following sections outline how to create and remove sites. Then you will see how to add subnets to a site and how to move domain controllers to a site.

16 Chapter 3: Building Your Active Directory Structure Page 16 of 46 Adding a Site Adding a site is a very simple procedure. The following steps are involved. Step by Step Creating a Site 1. Start Active Directory Sites and Services. 2. Right-click on the Sites folder and choose New Site (see Figure 3.20). Figure 3.20 Choose New Site from the context menu. 3. In the New Object Site dialog box, enter the name of the new site (see Figure 3.21). Letters and numbers are allowed, but spaces and special characters are not. Figure 3.21 Enter the name of the new site. 4. Click one of the site links and then click OK. Site links are covered later in this chapter. 5. You will get a message telling what the next steps are (see Figure 3.22). Click OK to continue. Figure 3.22 A message tells you what the next steps are to complete the site. As you can see, creating a site is a simple process. You can also rename and delete sites. Renaming a Site Renaming a site is as simple as renaming a file. The following steps are all you need to do to rename a site. Step by Step Renaming a Site 1. Open Active Directory Sites and Services. 2. Open the Sites folder and click on the site you want to rename. 3. Click once again or right-click and choose Rename. 4. Enter the new name and press Enter.

17 Chapter 3: Building Your Active Directory Structure Page 17 of 46 Renaming is useful when you are reorganizing your network or if a remote office changes purpose. Renaming is also useful when a site no longer is needed. Deleting a Site Deleting a site is just as simple as renaming a site. You should make sure the site is empty before you delete the site; otherwise, some objects could be lost. The following Step by Step walks you through deleting a site. Step by Step Deleting a Site 1. Open Active Directory Sites and Services. 2. Open the Sites folder and click on the site you want to delete. 3. Press the Delete key or right-click and choose Delete. You will get a confirmation dialog box (see Figure 3.23). Figure 3.23 The confirmation dialog box. 4. If you re sure you want to delete the site, click Yes. You will get a warning about a site being a container object and that deleting the site will delete the other objects (see Figure 3.24). Figure 3.24 This dialog box is warning you that other objects could be deleted along with the site. 5. Choose Yes to complete the deletion. Again, you normally only delete sites if you are reorganizing your physical network. In addition to creating, renaming, and deleting sites, you should be aware of and be able to set the properties of the sites in your network. Site Properties There are some properties you can set for the sites you create in the Active Directory. The following sections describe the properties that can be set for a site. To set the properties, right-click on the site name and choose Properties. This will bring up the Properties dialog box (see Figure 3.25). Figure 3.25 The site Properties dialog box.

18 Chapter 3: Building Your Active Directory Structure Page 18 of 46 The following are the properties you can set on each tab: l Site. Enter a description for the site on this tab. l Location. This enables you to enter a location for the site. l Object. This enables you to see the full name of the object and other details such as when it was created. There is nothing you can edit on this tab. l Security. This enables you to set the security for the object in Active Directory. The default security enables administrators to manage the site and enables others to read the information. l Group Policy. This enables you to assign group policies to the site and create and modify the policies. Remember that a site is defined as a group of IP subnets connected using high-speed networking. This means you need to be able to work with subnets as well. Working with Subnets Install, configure, and troubleshoot the components of Active Directory. l Create subnets. Now that you can create and delete sites, you need to be able to populate the sites. This is a matter of deciding which subnets should be in a site and creating them in Active Directory. Decisions about which subnets to include will depend on the network design and how you will actually control the location of objects in Active Directory. Subnets need to be added, deleted, and moved between sites. In addition, like the other objects in Active Directory, you can set various properties for subnets. The next few sections show you how to perform these functions. Adding a Subnet Adding a subnet is very simple, as you will see in the following Step by Step. Step by Step Creating a Subnet in Active Directory 1. Open Active Directory Sites and Services. 2. Right-click on the Subnets folder and choose New Subnet. 3. In the dialog box, enter the IP address and subnet mask for a system on that subnet. 4. The system automatically converts the information to network ID/number of bits

19 Chapter 3: Building Your Active Directory Structure Page 19 of 46 notation (see Figure 3.26). Figure 3.26 The dialog box used to add subnets. 5. Select the site to which you want to add the subnet and then click OK. Again, adding a subnet is very simple, but before you click OK, you should make sure you have entered the correct information. Sometimes you will need to delete a subnet. Deleting a Subnet Deleting a subnet is as simple as adding a subnet. Follow the following steps to learn how to delete a subnet. Step by Step 3.10 Deleting a Subnet 1. Open Active Directory Sites and Services. 2. Open the Subnets folder and click on the subnet to delete. 3. Press the Delete key or right-click and choose Delete. You will get a confirmation dialog box. 4. Click Yes to confirm the deletion. Although you can delete subnets, it is far more common to move a subnet to a different site. This happens as the network changes and the distribution of users and servers changes. Moving a Subnet There will be times when you need to move a subnet. This can happen when the network grows or shrinks or as the bandwidth between sites is increased. Figure 3.27 Moving a subnet is easy in the Properties dialog box. The steps for moving a subnet are, again, very simple, as shown in the following Step by Step. Step by Step Moving a Subnet to Another Site 1. Open Active Directory Sites and Services. 2. Open the Subnets folder and click on the subnet you want to move.

20 Chapter 3: Building Your Active Directory Structure Page 20 of Right-click and choose Properties. 4. In the Properties dialog box (see Figure 3.27) on the Subnet tab, use the Site dropdown list to choose the site to which you want to move the subnet. 5. Click OK to complete the move. In most cases, even moving subnets is a rare occurrence. Moving subnets only happens when the physical network is reorganized. As you can see, there are other tabs in this dialog box. The following list describes the other options you can set on each tab. l Subnet. This tab enables you to enter a description for the subnet and move it to another site. l Location. This enables you to enter a location for the subnet. l Object. This enables you to see the full name of the object and other details such as when it was created. There is nothing you can edit on this tab. l Security. This enables you to set the security for the object in Active Directory. The default security enables administrators to manage the site and enables others to read the information. Now that you have created the sites, you need to move the domain controllers into the sites and configure the replication between the sites. Replicating Active Directory Information Replication is the process of taking information from one system and copying it to another system. In Windows 2000, replication is a very important element. Changes can occur at any domain controller, not just at a primary domain controller, which was the case in Windows NT 4.0. In addition to the multiple-master replication model for the domain objects, there is additional information that needs to be replicated throughout the organization. The following is a list of the key information that needs to be replicated. This section looks at Active Directory replication, starting with an overview of how it works. From there, the specifics of the intrasite replication will be discussed including a look at connections. After that, the discussion turn to how you can control replication between sites. Finally, there will be a quick look at how you configure a global catalog server. l Schema information. You saw in Chapter 1, "Understanding Active Directory," that this is the actual structure of the database that holds information about the objects in your enterprise. You might recall that all the domains and, therefore, all the domain controllers need to use the same schema for Active Directory to work correctly. The schema must be replicated to all domain controllers.

21 Chapter 3: Building Your Active Directory Structure Page 21 of 46 l Configuration information. This is the overall design of the entire enterprise. It includes the domains, their names, and where they fit into the hierarchy. It also includes other information such as the replication topology. This information is used by all the domain controllers and therefore is replicated to all domain controllers. l Domain data. This is the information you store about the objects making up your domain. All the information is replicated within a domain by the domain controllers. The global catalog servers throughout the enterprise replicate a subset of the information. As you can see, there are two levels of replication. There is the replication within a domain and the replication handled by the global catalog servers. The replication within a domain is primarily handled by the domain controllers. This replication is principally interested in the replication of all the objects in the domain with all the attributes for each of the objects. The global catalog servers handle the other replication. At least one global catalog server is required in the enterprise. There should also be one global catalog server for each domain and for each site in the enterprise. The global catalog servers are responsible for replication of the following information: l The schema information for the forest l The configuration information for all domains in the forest l A subset of the properties for all directory objects in the forest (replicated between global catalogs only) l All directory objects and all their properties for the domain in which the global catalog is located Now that you know what is replicated, we will look at how replication works. How Replication Works Replication is based on the Update Sequence Number (USN) in Active Directory. The USN tracks, for each domain controller, the number of changes it has made to its version of the directory. As a change is made, the current USN is assigned to the object, and the USN for the domain controller is incremented. Each domain controller keeps track of its own USN and the USNs for its replication partners. Periodically (every five minutes by default), the server checks for changes on its replication partners. Requesting any changes since the last-known USN for the partner accomplishes this check. The partner can then send all the changes since the USN number. A domain controller could be offline for a period of time, and after it comes back, it will quickly be able to get back up-to-date. There is a danger here. Assume a domain controller receives an update. It makes the change and then

22 Chapter 3: Building Your Active Directory Structure Page 22 of 46 updates its USN. The domain controller that made the change originally now requests the USN for the server that got the change. Its USN is updated, and therefore, the change is requested. The system that originated the change now has its own change back. If the system made the change and updated its USN, this whole cycle would repeat ad infinitum. To avoid this scenario, Active Directory tracks the number of originating writes that have occurred for each attribute. The number of times a user changed the value, rather than the number of times it was changed using replication, is tracked. In the preceding case, the first system in which the change was made will find that it has the correct originating write value and will not make the change. There is also the possibility that two different users could be changing the same attribute of the same object at the same time on two different controllers. When these changes both start to replicate, a conflict will be detected. Windows 2000 will choose the change with the newer time stamp (the more recent change) to resolve the conflict. If the two changes were made at the same millisecond, then the change with the higher globally unique ID will win. Now that you have seen the theory of replication, it is time to see how the replication is configured within a site and between sites. Replication Within a Site Manage and troubleshoot Active Directory replication. l Manage intrasite replication. Although there is little you need to do with intrasite replication, it is important for you to understand how it works and the components involved. This serves as a basis for intersite replication. Replication within a site is handled by Active Directory. There is no need for you to take any action. The Knowledge Consistency Checker (KCC) evaluates the domain controllers in the site and automatically creates a replication topology. In general, the KCC configures connections so that each domain controller replicates with at least two other domain controllers. The KCC automatically adjusts the replication topology as the network conditions change. As domain controllers are added or removed (or just moved), the KCC continues to make sure that each domain controller replicates with at least two others. Within a site, replication does not use compression, and in some cases (such as a password change), the replication is completed on an immediate basis. Replication within a site is quite easy to work with; there is nothing to do. The KCC does most of the work for you by creating the correct connection objects to link all your servers together. Connection Objects Install, configure, and troubleshoot the components of Active Directory. l Create connection objects. Connection objects serve as the backbone for replication; they define network paths through which replication can occur. You need to know what these are and how they are defined; you should also be

23 Chapter 3: Building Your Active Directory Structure Page 23 of 46 able to define them yourself. The KCC essentially manages the replication within a site by creating connection objects between the various domain controllers in the site. The KCC also creates connection objects between sites where required. A connection represents a permanent or temporary network path that can be used for replication. Normally, you will not create the connection objects within a site yourself. It is assumed that all the paths between servers are of equal speed, and therefore, the KCC should be able to handle creating the connection objects. You can create connections within a site. You can also edit the connections created by the KCC; however, you should be careful when doing this. In the case of a connection that you create, the connection is never evaluated by the KCC and is never deleted until you do so. This could cause problems if your network changes and you neglect to remove the connection you created. In cases in which you edit the connection that the KCC makes, the changes you make will be lost when the KCC next updates the connections. The main reason you might want to create a connection object is to specify the bridgehead servers that will be used to link to sites. The bridgehead servers will be the main method of replication across a site link. To create a connection object, follow these steps. Step by Step Creating a Connection Object Manually 1. Open Active Directory Sites and Services. 2. Expand the Sites folder and then expand the site for which you want to create a link. 3. Expand the Servers folder for the site and then expand the server that will be part of the connection. 4. On the NTDS Settings, right-click and choose New Active Directory Connection. 5. In the dialog box that appears, choose (or find) the server to which you want to create the link and then choose OK. Connection objects, as you have seen, provide the network paths for replication. This is true whether the connection is within a site or is used to link two sites together. Replication Between Sites Manage and troubleshoot Active Directory replication. l Manage intersite replication.

24 Chapter 3: Building Your Active Directory Structure Page 24 of 46 The capability to manage intersite replication is critical for administrators on Windows 2000 networks. Without this capability, the replication would easily saturate WAN connections and make Windows 2000 Active Directory unmanageable. When the replication within a site is not compressed, replication between sites will be. Within a site, Active Directory assumes a high-speed connection and, to save processing time, does not compress the data. Between-site bandwidth is assumed to be lower. Therefore, Active Directory compresses the data being transferred between sites. Active Directory also enables the replication between the sites to be scheduled so that it only happens during scheduled hours. During those hours, you still have the option of changing the interval of the replication. Before you can set this up, you need to move a domain controller to another site. Then you need to create a connection between that domain controller and one in another site. Because replication is done between domain controllers, you need to add domain controllers to the site to which they physically belong. Clients within a site also look for a domain controller in the site to log on to, and by moving a domain controller to the site, you decrease the logon times, increasing satisfaction with the network. Moving Domain Controllers Install, configure, and troubleshoot the components of Active Directory. l Move server objects between sites. The capability to control replication and to ensure that users are able to log on within a reasonable amount of time requires that you be able to locate domain controllers near the users. This requires that you occasionally move a domain controller between sites. The purposes of a site are to help manage the replication between domain controllers and to manage replication across slow network links. In addition to creating the site and adding subnets to that site, you need to move domain controllers into the site. To move a domain controller, follow these simple steps. Step by Step 3.13 Moving a Domain Controller 1. Open Active Directory Sites and Services. 2. Expand the Sites folder and then expand the site where the server is currently located. 3. In the site, expand the Servers folder. 4. Right-click on the server and choose Move. 5. From the dialog box (see Figure 3.28), choose the destination subnet and click OK.

Installing Active Directory

Installing Active Directory Installing Active Directory 119 Installing Active Directory Installing Active Directory is an easy and straightforward process as long as you planned adequately and made the necessary decisions beforehand.

More information

The Windows Server 2003 Environment. Introduction. Computer Roles. Introduction to Administering Accounts and Resources. Lab 2

The Windows Server 2003 Environment. Introduction. Computer Roles. Introduction to Administering Accounts and Resources. Lab 2 Islamic University of Gaza College of Engineering Computer Department Computer Networks Lab Introduction to Administering Accounts and Resources Prepared By: Eng.Ola M. Abd El-Latif Mar. /2010 0 :D Objectives

More information

Introduction. Versions Used Windows Server 2003

Introduction. Versions Used Windows Server 2003 Training Installing Active Directory Introduction As SonicWALL s products and firmware keeps getting more features that are based on integration with Active Directory, e.g., Active Directory Connector

More information

How to. Install Active Directory. Server 2003

How to. Install Active Directory. Server 2003 How to Install Active Directory on Server 2003 Table of Content HOW DO I INSTALL ACTIVE DIRECTORY ON MY WINDOWS SERVER 2003 SERVER?... 2 STEP 1: CONFIGURE THE COMPUTER'S SUFFIX... 3 STEP 2: CONFIGURING

More information

With Windows Server 2003 Active Directory

With Windows Server 2003 Active Directory Understanding Active Directory Domains and Trusts With Windows Server 2003 Active Directory Domains and Trusts structure, you can control the information flow, access to resources, security, and the type

More information

How do I install Active Directory on my Windows Server 2003 server?

How do I install Active Directory on my Windows Server 2003 server? How do I install Active Directory on my Windows Server 2003 server? Here is a quick list of what you must have: An NTFS partition with enough free space An Administrator's username and password The correct

More information

Implementing Domain Name Service (DNS)

Implementing Domain Name Service (DNS) Implementing Domain Name Service (DNS) H C A 1 P T E R ITINERARY Objective 1.01 Objective 1.02 Objective 1.03 Install and Configure DNS for Active Directory Integrate Active Directory DNS Zones with Existing

More information

Creating a Domain Tree

Creating a Domain Tree 156 Chapter 4 Installing and Managing Trees and Forests Using the Active Directory Installation Wizard, you can quickly and easily create new domains by promoting a Windows Server 2008 stand-alone server

More information

Module 7: Implementing Sites to Manage Active Directory Replication

Module 7: Implementing Sites to Manage Active Directory Replication Module 7: Implementing Sites to Manage Active Directory Replication Contents Overview 1 Lesson: Introduction to Active Directory Replication 2 Lesson: Creating and Configuring Sites 14 Lesson: Managing

More information

Installation of MicroSoft Active Directory

Installation of MicroSoft Active Directory Installation of MicroSoft Active Directory Before you start following this article you must be aware this is simply a lab setup and you need to assign relevant ip address, hostnames & domain names which

More information

Forests, trees, and domains

Forests, trees, and domains Active Directory is a directory service used to store information about the network resources across a. An Active Directory (AD) structure is a hierarchical framework of objects. The objects fall into

More information

How to install Small Business Server 2003 in an existing Active

How to install Small Business Server 2003 in an existing Active Page 1 of 6 How to install Small Business Server 2003 in an existing Active Directory domain INTRODUCTION This article describes how to install a Microsoft Windows Small Business Server (SBS) 2003-based

More information

Lesson Plans LabSim for Microsoft s Implementing a Server 2003 Active Directory Infrastructure

Lesson Plans LabSim for Microsoft s Implementing a Server 2003 Active Directory Infrastructure Lesson Plans LabSim for Microsoft s Implementing a Server 2003 Active Directory Infrastructure (Exam 70-294) Table of Contents Course Overview... 2 Section 1.1: Introduction to Active Directory... 3 Section

More information

Introduction to Active Directory Services

Introduction to Active Directory Services Introduction to Active Directory Services Tom Brett A DIRECTORY SERVICE A directory service allow businesses to define manage, access and secure network resources including files, printers, people and

More information

Managing an Active Directory Infrastructure

Managing an Active Directory Infrastructure 3 CHAPTER 3 Managing an Active Directory Infrastructure Objectives This chapter covers the following Microsoft-specified objectives for the Planning and Implementing an Active Directory Infrastructure

More information

How To Install And Configure Windows Server 2003 On A Student Computer

How To Install And Configure Windows Server 2003 On A Student Computer Course: WIN310 Student Lab Setup Guide Microsoft Windows Server 2003 Network Infrastructure (70-291) ISBN: 0-470-06887-6 STUDENT COMPUTER SETUP Hardware Requirements All hardware must be on the Microsoft

More information

Moving the TRITON Reporting Databases

Moving the TRITON Reporting Databases Moving the TRITON Reporting Databases Topic 50530 Web, Data, and Email Security Versions 7.7.x, 7.8.x Updated 06-Nov-2013 If you need to move your Microsoft SQL Server database to a new location (directory,

More information

Overview of Active Directory Replication and Sites

Overview of Active Directory Replication and Sites 200 Chapter 5 Configuring Sites and Replication networks and the types of technology available at locations throughout the world. In remote or less-developed locations, you may not even be able to get

More information

Chapter. Managing Group Policy MICROSOFT EXAM OBJECTIVES COVERED IN THIS CHAPTER:

Chapter. Managing Group Policy MICROSOFT EXAM OBJECTIVES COVERED IN THIS CHAPTER: Chapter 10 Managing Group Policy MICROSOFT EXAM OBJECTIVES COVERED IN THIS CHAPTER: Implement and troubleshoot Group Policy. Create a Group Policy object (GPO). Link an existing GPO. Delegate administrative

More information

9. Which is the command used to remove active directory from a domain controller? Answer: Dcpromo /forceremoval

9. Which is the command used to remove active directory from a domain controller? Answer: Dcpromo /forceremoval 1. What is Active Directory schema? Answer: The schema is the Active Directory component that defines all the objects and attributes that the directory service uses to store data. 2. What is global catalog

More information

Understanding. Active Directory Replication

Understanding. Active Directory Replication PH010-Simmons14 2/17/00 6:56 AM Page 171 F O U R T E E N Understanding Active Directory Replication In previous chapters, you have been introduced to Active Directory replication. Replication is the process

More information

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Course Number: 6425C Course Length: 5 Days Course Overview This five-day course provides in-depth training on implementing,

More information

Active Directory integration with CloudByte ElastiStor

Active Directory integration with CloudByte ElastiStor Active Directory integration with CloudByte ElastiStor Prerequisite Change the time and the time zone of the Active Directory Server to the VSM time and time zone. Enabling Active Directory at VSM level

More information

Faculty Details. : Assistant Professor ( OG. ),Assistant Professor (OG) Course Details. : B. Tech. Batch : 2010-2014. : Information Technology

Faculty Details. : Assistant Professor ( OG. ),Assistant Professor (OG) Course Details. : B. Tech. Batch : 2010-2014. : Information Technology COURSE FILE (COURSE PLAN) Year : 2012-13 Sem: ODD Faculty Details Name of the Faculty : Mullai.P & Yaashuwanth.C Designation : Assistant Professor ( OG. ),Assistant Professor (OG) Department : Information

More information

Course: WIN310. Student Lab Setup Guide. Summer 2010. Microsoft Windows Server 2003 Network Infrastructure (70-291)

Course: WIN310. Student Lab Setup Guide. Summer 2010. Microsoft Windows Server 2003 Network Infrastructure (70-291) Course: WIN310 Student Lab Setup Guide Summer 2010 Microsoft Windows Server 2003 Network Infrastructure (70-291) ISBN: 0-470-06887-6 Published by Wiley & Sons 1 STUDENT COMPUTER SETUP Hardware Requirements

More information

Managing an Active Directory Infrastructure O BJECTIVES

Managing an Active Directory Infrastructure O BJECTIVES O BJECTIVES This chapter covers the following Microsoft-specified objectives for the Planning and Implementing an Active Directory Infrastructure and Managing and Maintaining an Active Directory Infrastructure

More information

Module 2: Implementing an Active Directory Forest and Domain Structure

Module 2: Implementing an Active Directory Forest and Domain Structure Contents Overview 1 Lesson: Creating a Forest and Domain Structure 2 Lesson: Examining Active Directory Integrated DNS 22 Lesson: Raising Forest and Domain Functional Levels 36 Lesson: Creating Trust Relationships

More information

Windows Server 2003 Active Directory MST 887. Course Outline

Windows Server 2003 Active Directory MST 887. Course Outline Content and/or textbook subject to change without notice. Pennsylvania College of Technology Workforce Development & Continuing Education Windows Server 2003 Active Directory MST 887 Course Outline Course

More information

ACTIVE DIRECTORY REPLICATION: HOW IT WORKS

ACTIVE DIRECTORY REPLICATION: HOW IT WORKS ACTIVE DIRECTORY REPLICATION: HOW IT WORKS Active Directory is a great tool. And Now a days it hard to imagine a windows network without active directory. In this part we will see what active directory

More information

Using Logon Agent for Transparent User Identification

Using Logon Agent for Transparent User Identification Using Logon Agent for Transparent User Identification Websense Logon Agent (also called Authentication Server) identifies users in real time, as they log on to domains. Logon Agent works with the Websense

More information

Active Directory Restoration

Active Directory Restoration Active Directory Restoration This document outlines the steps required to recover an Active Directory Infrastructure, running on Windows 2003 R2 Server Standard. The scope of this document covers the scenario

More information

WatchGuard Mobile User VPN Guide

WatchGuard Mobile User VPN Guide WatchGuard Mobile User VPN Guide Mobile User VPN establishes a secure connection between an unsecured remote host and a protected network over an unsecured network using Internet Protocol Security (IPSec).

More information

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Course Number: 6425B Course Length: 5 Days Course Overview This five-day course provides to teach Active Directory Technology

More information

How the Active Directory Installation Wizard Works

How the Active Directory Installation Wizard Works How the Active Directory Installation Wizard Works - Directory Services: Windows Serv... Page 1 of 18 How the Active Directory Installation Wizard Works In this section Active Directory Installation Wizard

More information

Setting Up a Backup Domain Controller

Setting Up a Backup Domain Controller Setting Up a Backup Domain Controller June 27, 2012 Copyright 2012 by World Class CAD, LLC. All Rights Reserved. A Backup Domain Controller After setting up a primary domain controller, we will want to

More information

Chapter. Configuring Sites and Replication MICROSOFT EXAM OBJECTIVES COVERED IN THIS CHAPTER:

Chapter. Configuring Sites and Replication MICROSOFT EXAM OBJECTIVES COVERED IN THIS CHAPTER: 61675c05.fm Page 197 Wednesday, April 2, 2008 6:02 PM Chapter 5 Configuring Sites and Replication MICROSOFT EXAM OBJECTIVES COVERED IN THIS CHAPTER: Configuring the Active Directory Infrastructure Configure

More information

AD RMS Step-by-Step Guide

AD RMS Step-by-Step Guide AD RMS Step-by-Step Guide Microsoft Corporation Published: March 2008 Author: Brian Lich Editor: Carolyn Eller Abstract This step-by-step guide provides instructions for setting up a test environment to

More information

Believe it or not, you ve already been working with Active Directory! If

Believe it or not, you ve already been working with Active Directory! If Chapter 12 Active Directory, Part II In This Chapter Actively managing the Active Directory Understanding the difference between Active Directory planning and practical uses of Active Directory Optimizing

More information

In the Active Directory Domain Services Window, click Active Directory Domain Services.

In the Active Directory Domain Services Window, click Active Directory Domain Services. Installing the Active Directory Domain Services Role Press the Ctrl-Alt-Del on the xxrwdc computer. Log in as the default administrator of the local computer with the username Administrator and cisisthebest!

More information

SETTING UP ACTIVE DIRECTORY (AD) ON WINDOWS 2008 FOR DOCUMENTUM @ EROOM

SETTING UP ACTIVE DIRECTORY (AD) ON WINDOWS 2008 FOR DOCUMENTUM @ EROOM SETTING UP ACTIVE DIRECTORY (AD) ON WINDOWS 2008 FOR DOCUMENTUM @ EROOM Abstract This paper explains how to setup Active directory service on windows server 2008.This guide also explains about how to install

More information

IT ACADEMY LESSON PLAN. Microsoft Windows Server Active Directory

IT ACADEMY LESSON PLAN. Microsoft Windows Server Active Directory 2008 IT ACADEMY LESSON PLAN Microsoft Windows Server Active Directory Microsoft Windows Server 2008 Active Directory: Lesson Plans Introduction Preparing to teach a course on Microsoft Windows Server 2008

More information

Deploying System Center 2012 R2 Configuration Manager

Deploying System Center 2012 R2 Configuration Manager Deploying System Center 2012 R2 Configuration Manager This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.

More information

MCTS Guide to Microsoft Windows 7. Chapter 13 Enterprise Computing

MCTS Guide to Microsoft Windows 7. Chapter 13 Enterprise Computing MCTS Guide to Microsoft Windows 7 Chapter 13 Enterprise Computing Objectives Understand Active Directory Use Group Policy to control Windows 7 Control device installation with Group Policy settings Plan

More information

Basic Windows 2000/ Windows 2000 Server Installation and Configuration

Basic Windows 2000/ Windows 2000 Server Installation and Configuration d229466 Ch01.F 1/22/03 10:03 AM Page 11 CHAPTER 1 Basic Windows 2000/ Windows 2000 Server Installation and Configuration This chapter steps you through the installation process of your Windows-based Tiger

More information

Contents Introduction... 3 Introduction to Active Directory Services... 4 Installing and Configuring Active Directory Services...

Contents Introduction... 3 Introduction to Active Directory Services... 4 Installing and Configuring Active Directory Services... Contents 1. Introduction... 3 1.1. Setup... 3 2. Introduction to Active Directory Services... 4 3. Installing and Configuring Active Directory Services... 5 3.1. Joining to Domain... 5 3.2. Promoting Member

More information

Managing Name Resolution

Managing Name Resolution 3 CHAPTER THREE Managing Name Resolution Terms you ll need to understand: Windows Internet Naming Service (WINS) WINS Proxy Agent LMHOSTS Tombstoning Persistent Connections Push/pull partner Hostnames

More information

Searching for accepting?

Searching for accepting? If you have set up a domain controller previously with Windows 2000 Server, or Windows Server 2003, then you would be familiar with the dcpromo.exe command also be used to set up a Domain Controller on

More information

Setting up Active Directory Domain Services

Setting up Active Directory Domain Services Setting up Active Directory Domain Services Tom Brett CREATING A SINGLE DOMAIN FOREST Once you have Windows Server 2008 R2 installed, it s pretty easy to create a domain you simply run the domain controller

More information

Managing, Monitoring, and Troubleshooting the Exchange Organization...

Managing, Monitoring, and Troubleshooting the Exchange Organization... 6 Managing, Monitoring, and Troubleshooting the Exchange Organization............................................... Terms you ll need to understand: Back-end server Child folder Default public folder

More information

Module 11. Configuring and Managing Distributed File System. Contents:

Module 11. Configuring and Managing Distributed File System. Contents: Configuring and Managing Distributed File System 11-1 Module 11 Configuring and Managing Distributed File System Contents: Lesson 1: DFS Overview 11-3 Lesson 2: Configuring DFS Namespaces 11-15 Lesson

More information

CHAPTER THREE. Managing Groups

CHAPTER THREE. Managing Groups 3 CHAPTER THREE Managing Groups Objectives This chapter covers the following Microsoft-specified objectives for the Managing Users, Computers, and Groups section of the Managing and Maintaining a Microsoft

More information

How to Install the Active Directory Domain Services (AD DS) Role in Windows Server 2008 R2 and Promote a Server to a Domain Controller

How to Install the Active Directory Domain Services (AD DS) Role in Windows Server 2008 R2 and Promote a Server to a Domain Controller How to Install the Active Directory Domain Services (AD DS) Role in Windows Server 2008 R2 and Promote a Server to a Domain Controller I am not responsible for your actions or their outcomes, in any way,

More information

2003 O/S. when installed (gets installed as a stand alone server) to promoting to D.C. We have to install A.D.

2003 O/S. when installed (gets installed as a stand alone server) to promoting to D.C. We have to install A.D. ACTIVE DIRECTORY AD: Is a centralized database where it contains the information about the objects like users, groups, computers, printers etc. AD is a centralized hierarchical Directory Database. AD is

More information

Outpost Network Security

Outpost Network Security Administrator Guide Reference Outpost Network Security Office Firewall Software from Agnitum Abstract This document provides information on deploying Outpost Network Security in a corporate network. It

More information

Planning Domain Controller Capacity

Planning Domain Controller Capacity C H A P T E R 4 Planning Domain Controller Capacity Planning domain controller capacity helps you determine the appropriate number of domain controllers to place in each domain that is represented in a

More information

5 Configuring a DNS Infrastructure

5 Configuring a DNS Infrastructure 5 Configuring a DNS Infrastructure Exam Objectives in this Chapter: Configure a DNS server. Configure DNS zone options. Configure DNS forwarding. Manage DNS zone settings. Manage DNS server options. Why

More information

Windows Server 2008 Active Directory Resource Kit

Windows Server 2008 Active Directory Resource Kit Windows Server 2008 Active Directory Resource Kit Stan Reimer, Mike Mulcare, Conan Kezema, Byron Wright w MS AD Team PREVIEW CONTENT This excerpt contains uncorrected manuscript from an upcoming Microsoft

More information

Installing Windows Rights Management Services with Service Pack 2 Step-by- Step Guide

Installing Windows Rights Management Services with Service Pack 2 Step-by- Step Guide Installing Windows Rights Management Services with Service Pack 2 Step-by- Step Guide Microsoft Corporation Published: October 2006 Author: Brian Lich Editor: Carolyn Eller Abstract This step-by-step guide

More information

istorage Server: High Availability iscsi SAN for Windows Server 2012 Cluster

istorage Server: High Availability iscsi SAN for Windows Server 2012 Cluster istorage Server: High Availability iscsi SAN for Windows Server 2012 Cluster Tuesday, December 26, 2013 KernSafe Technologies, Inc www.kernsafe.com Copyright KernSafe Technologies 2006-2013.All right reserved.

More information

AVG Business SSO Connecting to Active Directory

AVG Business SSO Connecting to Active Directory AVG Business SSO Connecting to Active Directory Contents AVG Business SSO Connecting to Active Directory... 1 Selecting an identity repository and using Active Directory... 3 Installing Business SSO cloud

More information

MCSE STUDY GUIDE Implementing and Administering a Microsoft Windows 2000 Directory Services Infrastructure Exam 70-217 Edition 1

MCSE STUDY GUIDE Implementing and Administering a Microsoft Windows 2000 Directory Services Infrastructure Exam 70-217 Edition 1 MCSE STUDY GUIDE Implementing and Administering a Microsoft Windows 2000 Directory Services Infrastructure Exam 70-217 Edition 1 Congratulations!! You have purchased a Troy Technologies USA Study Guide.

More information

How To Create An Easybelle History Database On A Microsoft Powerbook 2.5.2 (Windows)

How To Create An Easybelle History Database On A Microsoft Powerbook 2.5.2 (Windows) Introduction EASYLABEL 6 has several new features for saving the history of label formats. This history can include information about when label formats were edited and printed. In order to save this history,

More information

Installing the Microsoft Network Driver Interface

Installing the Microsoft Network Driver Interface Installing the Microsoft Network Driver Interface Overview This guide explains how to install the PictureTel Live200 Microsoft Network Driver Interface (NDIS) software you have downloaded from PictureTel's

More information

Active Directory Integration Guide

Active Directory Integration Guide Chancery SMS Version 5.4 or Higher Active Directory Integration Guide Revised September 2005 CSL - 12458 The Chancery SMS Documentation Team: Joanna Denford, Linda MacShane, Sarah Hewson, Karin Jensen,

More information

Windows Domain Network Configuration Guide

Windows Domain Network Configuration Guide Windows Domain Network Configuration Guide Windows Domain Network Configuration Guide for CCC Pathways Copyright 2008 by CCC Information Services Inc. All rights reserved. No part of this publication may

More information

Ultimus and Microsoft Active Directory

Ultimus and Microsoft Active Directory Ultimus and Microsoft Active Directory May 2004 Ultimus, Incorporated 15200 Weston Parkway, Suite 106 Cary, North Carolina 27513 Phone: (919) 678-0900 Fax: (919) 678-0901 E-mail: documents@ultimus.com

More information

Application Note 116: Gauntlet System High Availability Using Replication

Application Note 116: Gauntlet System High Availability Using Replication Customer Service: 425-487-1515 Technical Support: 425-951-3390 Fax: 425-487-2288 Email: info@teltone.com support@teltone.com Website: www.teltone.com Application Note 116: Gauntlet System High Availability

More information

Creating the Conceptual Design by Gathering and Analyzing Business and Technical Requirements

Creating the Conceptual Design by Gathering and Analyzing Business and Technical Requirements Creating the Conceptual Design by Gathering and Analyzing Business and Technical Requirements Analyze the impact of Active Directory on the existing technical environment. Analyze hardware and software

More information

Windows Server 2008 Active Directory Resource Kit

Windows Server 2008 Active Directory Resource Kit Windows Server 2008 Active Directory Resource Kit Stan Reimer, Conan Kezema, Mike Mulcare, and Byron Wright with the Microsoft Active Directory Team To learn more about this book, visit Microsoft Learning

More information

Core Active Directory Administration

Core Active Directory Administration Chapter 7 Core Active Directory Administration In this chapter: Tools for Managing Active Directory............................157 Using the Active Directory Users And Computers Tool............162 Managing

More information

StorSimple Appliance Quick Start Guide

StorSimple Appliance Quick Start Guide StorSimple Appliance Quick Start Guide 5000 and 7000 Series Appliance Software Version 2.1.1 (2.1.1-267) Exported from Online Help on September 15, 2012 Contents Getting Started... 3 Power and Cabling...

More information

Appendix B Lab Setup Guide

Appendix B Lab Setup Guide JWCL031_appB_467-475.indd Page 467 5/12/08 11:02:46 PM user-s158 Appendix B Lab Setup Guide The Windows Server 2008 Applications Infrastructure Configuration title of the Microsoft Official Academic Course

More information

How To Manage Storage With Novell Storage Manager 3.X For Active Directory

How To Manage Storage With Novell Storage Manager 3.X For Active Directory www.novell.com/documentation Installation Guide Novell Storage Manager 4.1 for Active Directory September 10, 2015 Legal Notices Condrey Corporation makes no representations or warranties with respect

More information

DeviceLock Management via Group Policy

DeviceLock Management via Group Policy User Manual DeviceLock Management via Group Policy SmartLine Inc 1 Contents Using this Manual...3 1. General Information...4 1.1 Overview...4 1.2 Applying Group Policy...5 1.3 Standard GPO Inheritance

More information

Dell Compellent Storage Center

Dell Compellent Storage Center Dell Compellent Storage Center Active Directory Integration Best Practices Guide Dell Compellent Technical Solutions Group January, 2013 THIS BEST PRACTICES GUIDE IS FOR INFORMATIONAL PURPOSES ONLY, AND

More information

Joining. Domain. Windows XP Pro

Joining. Domain. Windows XP Pro Joining a Domain in Windows XP Pro Table of Content HOW DO I CHANGE A COMPUTER'S DESCRIPTION, NAME, OR JOIN A DOMAIN IN WINDOWS XP PRO?... 1 TO ADD A COMPUTER DESCRIPTION... 1 TO CHANGE A COMPUTER NAME...

More information

Step-By-Step Guide to Deploying Lync Server 2010 Enterprise Edition

Step-By-Step Guide to Deploying Lync Server 2010 Enterprise Edition Step-By-Step Guide to Deploying Lync Server 2010 Enterprise Edition The installation of Lync Server 2010 is a fairly task-intensive process. In this article, I will walk you through each of the tasks,

More information

Restructuring Active Directory Domains Within a Forest

Restructuring Active Directory Domains Within a Forest C H A P T E R 1 2 Restructuring Active Directory Domains Within a Forest Restructuring Active Directory directory service domains within a forest with the goal of reducing the number of domains allows

More information

Installing Exchange and Extending the Active Directory Schema for Cisco Unity 8.x

Installing Exchange and Extending the Active Directory Schema for Cisco Unity 8.x CHAPTER 6 Installing Exchange and Extending the Active Directory Schema for Cisco Unity 8.x In this chapter, you do the following tasks in the order listed: 1. Install Exchange on the Cisco Unity server,

More information

Lesson Plans Managing a Windows 2003 Network Infrastructure

Lesson Plans Managing a Windows 2003 Network Infrastructure Lesson Plans Managing a Windows 2003 Network Infrastructure (Exam 70-291) Table of Contents Course Overview... 2 Section 0.1: Introduction... 3 Section 1.1: Client Configuration... 4 Section 1.2: IP Addressing...

More information

In the same spirit, our QuickBooks 2008 Software Installation Guide has been completely revised as well.

In the same spirit, our QuickBooks 2008 Software Installation Guide has been completely revised as well. QuickBooks 2008 Software Installation Guide Welcome 3/25/09; Ver. IMD-2.1 This guide is designed to support users installing QuickBooks: Pro or Premier 2008 financial accounting software, especially in

More information

GlobalSCAPE DMZ Gateway, v1. User Guide

GlobalSCAPE DMZ Gateway, v1. User Guide GlobalSCAPE DMZ Gateway, v1 User Guide GlobalSCAPE, Inc. (GSB) Address: 4500 Lockhill-Selma Road, Suite 150 San Antonio, TX (USA) 78249 Sales: (210) 308-8267 Sales (Toll Free): (800) 290-5054 Technical

More information

MCSE STUDY GUIDE Designing a Microsoft Windows 2000 Directory Services Infrastructure Exam 70-219 Edition 1

MCSE STUDY GUIDE Designing a Microsoft Windows 2000 Directory Services Infrastructure Exam 70-219 Edition 1 MCSE STUDY GUIDE Designing a Microsoft Windows 2000 Directory Services Infrastructure Exam 70-219 Edition 1 Congratulations!! You have purchased a Troy Technologies USA Study Guide. This study guide is

More information

SHAREPOINT 2013 IN INFRASTRUCTURE AS A SERVICE

SHAREPOINT 2013 IN INFRASTRUCTURE AS A SERVICE SHAREPOINT 2013 IN INFRASTRUCTURE AS A SERVICE Contents Introduction... 3 Step 1 Create Azure Components... 5 Step 1.1 Virtual Network... 5 Step 1.1.1 Virtual Network Details... 6 Step 1.1.2 DNS Servers

More information

Chapter 15: Advanced Networks

Chapter 15: Advanced Networks Chapter 15: Advanced Networks IT Essentials: PC Hardware and Software v4.0 1 Determine a Network Topology A site survey is a physical inspection of the building that will help determine a basic logical

More information

Pro Bundle Evaluator s Guide. 2015 Software Pursuits, Inc.

Pro Bundle Evaluator s Guide. 2015 Software Pursuits, Inc. Pro Bundle Evaluator s Guide 2015 Table of Contents Introduction... 2 System Requirements... 2 Contact Information... 3 About the Communications Agent Add-On... 3 Other SureSync Add-Ons... 4 File Locking

More information

CGIAR Active Directory Design Assessment DRAFT. 18 September 2007

CGIAR Active Directory Design Assessment DRAFT. 18 September 2007 CGIAR Active Directory Design Assessment DRAFT 18 September 2007 1170 Hamilton Court Menlo Park, California 94025 www.cgnet.com Table of Contents 1. Executive Summary...3 2. Introduction...4 3. Alternative

More information

Creating a New Domain Tree in the Forest

Creating a New Domain Tree in the Forest Creating Domain Trees and Forests 163 Creating a New Domain Tree in the Forest 1. Open the Active Directory Installation Wizard by clicking Start Run, and typing dcpromo. Click the Use Advanced Mode Installation

More information

Load Balancing Exchange 2007 SP1 Hub Transport Servers using Windows Network Load Balancing Technology

Load Balancing Exchange 2007 SP1 Hub Transport Servers using Windows Network Load Balancing Technology Load Balancing Exchange 2007 SP1 Hub Transport Servers using Windows Network Load Balancing Technology Introduction Exchange Server 2007 (RTM and SP1) Hub Transport servers are resilient by default. This

More information

TIGERPAW EXCHANGE INTEGRATOR SETUP GUIDE V3.6.0 August 26, 2015

TIGERPAW EXCHANGE INTEGRATOR SETUP GUIDE V3.6.0 August 26, 2015 TIGERPAW EXCHANGE INTEGRATOR SETUP GUIDE V3.6.0 August 26, 2015 2201 Thurston Circle Bellevue, NE 68005 www.tigerpawsoftware.com Contents Tigerpaw Exchange Integrator Setup Guide v3.6.0... 1 Contents...

More information

Tool Tip. SyAM Management Utilities and Non-Admin Domain Users

Tool Tip. SyAM Management Utilities and Non-Admin Domain Users SyAM Management Utilities and Non-Admin Domain Users Some features of SyAM Management Utilities, including Client Deployment and Third Party Software Deployment, require authentication credentials with

More information

with the ArchiveSync Add-On Evaluator s Guide 2015 Software Pursuits, Inc.

with the ArchiveSync Add-On Evaluator s Guide 2015 Software Pursuits, Inc. with the ArchiveSync Add-On Evaluator s Guide 2015 Table of Contents Introduction... 2 System Requirements... 2 Contact Information... 3 Required Add-Ons for ArchiveSync in Real-Time... 3 Communications

More information

Microsoft BackOffice Small Business Server 4.5 Installation Instructions for Compaq Prosignia and ProLiant Servers

Microsoft BackOffice Small Business Server 4.5 Installation Instructions for Compaq Prosignia and ProLiant Servers Integration Note October 2000 Prepared by OS Integration Engineering Compaq Computer Corporation Contents Introduction...3 Requirements...3 Minimum Requirements...4 Required Information...5 Additional

More information

Step-by-Step Guide to Setup Instant Messaging (IM) Workspace Datasheet

Step-by-Step Guide to Setup Instant Messaging (IM) Workspace Datasheet Step-by-Step Guide to Setup Instant Messaging (IM) Workspace Datasheet CONTENTS Installation System requirements SQL Server setup Setting up user accounts Authentication mode Account options Import from

More information

Windows.NET Beta 3 Active Directory New Features

Windows.NET Beta 3 Active Directory New Features Windows.NET Beta 3 Active Directory New Features Wolfgang Werner Compaq Decus Bonn 2002 Agenda Install Replica from Media Domain Controller Rename Domain Rename Universal Group Membership Caching Linked

More information

Installing and Setting up Microsoft DNS Server

Installing and Setting up Microsoft DNS Server Training Installing and Setting up Microsoft DNS Server Introduction Versions Used Windows Server 2003 Setup Used i. Server Name = martini ii. Credentials: User = Administrator, Password = password iii.

More information

Active Directory. By: Kishor Datar 10/25/2007

Active Directory. By: Kishor Datar 10/25/2007 Active Directory By: Kishor Datar 10/25/2007 What is a directory service? Directory Collection of related objects Files, Printers, Fax servers etc. Directory Service Information needed to use and manage

More information

Windows Server 2003 Active Directory: Perspective

Windows Server 2003 Active Directory: Perspective Mary I. Hubley, MaryAnn Richardson Technology Overview 25 September 2003 Windows Server 2003 Active Directory: Perspective Summary The Windows Server 2003 Active Directory lies at the core of the Windows

More information

SharePoint Server for Business Intelligence

SharePoint Server for Business Intelligence SharePoint Server for Business Intelligence SharePoint Business Intelligence Content Team Summary: Step-by-step, learn how to install and configure SharePoint Server 2010 and SQL Server 2008 to create

More information

istorage Server: High-Availability iscsi SAN for Windows Server 2008 & Hyper-V Clustering

istorage Server: High-Availability iscsi SAN for Windows Server 2008 & Hyper-V Clustering istorage Server: High-Availability iscsi SAN for Windows Server 2008 & Hyper-V Clustering Tuesday, Feb 21 st, 2012 KernSafe Technologies, Inc. www.kernsafe.com Copyright KernSafe Technologies 2006-2012.

More information